
Friday Cyber News, June 8 2018

Cyber technology-related news and links from around the web, for the week of 6/2 - 6/8:

1. For Facebook, when it rains it pours: Data-sharing partnerships revealed this week between Facebook and device manufacturers allowed access to a user's friends' data, even if those friends had limited the sharing of their data with third parties. Former Facebook executive Sandy Parakilas notes that the sharing of friends' data was flagged internally as a privacy issue in 2012, but persisted until 2018. Among these data-sharing agreements is one providing private access to user data to Huawei, which has been flagged as a US national security threat. A privacy bug affecting 14M Facebook users falsely assured them that the system would retain privacy settings for post visibility, but instead reverted those settings to 'public' regardless of previous privacy-preserving selections. The state of Washington is suing Facebook (and Google) for failing to maintain information on who paid for election ads, thereby violating state campaign finance law. Jaron Lanier's new book, Ten Arguments for Deleting Your Social Media Accounts Right Now, gets straight to the point. [Thom Yorke; NY Times; Seattle Times; TechCrunch; Reuters; Amazon]

2. Leaked emails reveal that the FCC's claims that its comments board suffered a DDoS attack were fabricated. [Gizmodo]

3. Ron Hansen (not Robert Hanssen), a former Defense Intelligence Agency case officer, was arrested on suspicion of spying for China and providing information about US Cyber Command activities. [Wikipedia; NY Times]

4. Google has backed away from its AI-related defense work, and declared it will not pursue future DoD contracts similar to Project Maven, an AI drone-footage analysis project that many Google employees formally protested. Following that decision, Google has released a set of principles that guide its AI work, including social benefit, safety, accountability, removal of bias, privacy, and scientific rigor. [Bloomberg; Google Blog]

5. Russian cyber espionage group Sofacy (aka Fancy Bear) has changed tactics, no longer targeting a small group of selected individuals within an organization, but rather using a parallel approach to reach many targets simultaneously. The latter strategy is commonly used by financially-motivated attackers, as it leads to short-term rather than long-term effects. [Bleeping Computer]

6. CrowdStrike is offering customers a $1M warranty for breaches that occur while using their product, though $1M is far less than the average breach cost of $3.6M. [Cyberscoop; CSO Online]

7. This week in blockchain: tokenization to replace paper checks in China, Russian farmers are turning to cryptocurrencies to avoid 12% interest on bank-issued small-business loans, and MasterCard filed a patent to record credit card details on a blockchain for retrieval by a payment terminal that scans a code, possibly on a customer's phone. [Coindesk; CNN; Coindesk]

8. Both Apple and Google are launching dashboards and tools with an eye toward digital wellbeing. The new tools will allow users to monitor how much time they're spending on their phones, and with what apps, and to set limits for certain types of activity. [The Verge]

9. Account information from customers of MyHeritage, a DNA genealogy site, was breached, but no genetic information was exfiltrated. DNA databases have been under scrutiny by privacy advocates after their role in forensic investigations, such as the Golden State Killer case, was publicized after the apprehension of a suspect. [MyHeritage; Wired]

10. MIT researchers have generated a "psychopathic AI" by training it on images of people dying in gruesome ways. The AI, which they named Norman, interprets inkblots in morbid ways. The state whose residents have the riskiest behaviors with respect to cybersecurity is...Florida. Disinfoportal is an interactive tool for learning about the Kremlin's online disinformation campaigns, with fun videos. [BBC; Webroot; Disinfoportal]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)